How to create a Windows 10 security program
IT can get ahead of Windows 10 security problems by understanding its organizational needs and focusing on a few key areas, including patching and domain password policies.
Windows 10 is a resilient operating system, but it's not immune to security concerns. Malware infections, phishing, social engineering attacks, remote exploits and much more can put the operating system at risk.
Microsoft has taken steps to make Windows more secure with every release. Still, with all the variables involved and evolving business needs, IT must take a proactive approach to its Windows 10 security program that goes beyond strong passwords and periodic Windows updates and focuses on prevention. That starts with proper testing combined with finding and stopping security events as soon as, or shortly after, they occur. It's important that IT professionals acknowledge what their business requirements are and find the gaps so that they know what areas they must address.
As Windows 10's market share continues to rise, it gets more important all the time for IT pros to understand what it takes to build out an effective Windows 10 security program.
Where Windows 10 is at risk
Before IT pros attempt to lock down their Windows 10 systems, they first must understand the top areas of exposure and how they fit into their business needs and risk tolerance. A good place to start in terms of referencing what's happening at the endpoint is the Verizon Data Breach Investigations Report. The 2018 version highlights some key details on where attacks are coming from:
- 73% of breaches were perpetrated by outsiders;
- 92.4% of malware vectors were carried out via email; and
- 68% of breaches took months or longer to discover.
Test your knowledge on the hidden features of Windows 10
With all the features in Windows 10, it's easy to miss some of them. Take this quiz to demonstrate your knowledge of the operating system's attributes, which include a virtualization-based security tool.
Looking deeper into organizations' networks, including mobile and cloud, IT pros will likely find that their Windows 10 security program should include the following:
Patching, not just Windows and Office updates but also third-party software updates for Java, Adobe Reader and more.
Full-disk encryption using Microsoft BitLocker or other enterprise options from Symantec, WinMagic or a similar vendor.
Domain password policies that are consistent across workstations and servers as well as applications, databases and even non-Windows systems. The only way to get passwords right is to be consistent across the board.
Web content filtering that allows IT to not only enforce its security policies and follow the organization's internal rules, but also minimize the risk of malware infections. Products from vendors such as Barracuda Networks, WatchGuard Technologies and OpenDNS can help with this.
Proper malware protection that includes addressing advanced threats, using vendors such as Cylance, Endgame and Webroot.
Local file and data access that IT can control through data loss prevention -- at the endpoint -- and cloud access security brokers from vendors such as Symantec and Skyhigh Networks.
System logging, alerting and correlation, which are often overlooked or under-implemented security controls that can add a lot of value to a security program when IT uses them correctly. Vendors include LogRythm, Sumo Logic and AlienVault.
Proper vulnerability and penetration testing, which includes utilizing commercial-grade tools such as Rapid7's Nexpose vulnerability scanner, ElcomSoft's password cracking tools and Lucy Security's email phishing platform, for example.
Windows 10 built-in tools, users and outsourcing
Some of the latest Windows 10 security features -- such as Windows Defender Device Guard, Windows Defender Exploit Guard and Windows Hello -- can also help IT pros secure their Windows 10 deployments. The Windows Security Baselines are a great foundation for IT to incorporate into its desktop security standards.
No matter how much time, money and effort IT puts into its Windows 10 security program, however, it won't be enough. IT pros can do all the right things and yet suffer a security incident or breach at some point. All it takes is one oversight from IT or a distracted or misinformed user making a mistake for a security breach to occur.
Therefore, an important component of any Windows 10 security program is for IT to focus on users. This means proper and consistent user awareness and training, documented security policies that properly set expectations, and periodic and consistent validation of user-centric weaknesses through phishing and social engineering.
IT pros should note that one of their best options for addressing Windows 10 desktop security needs may be to outsource. IT pros can consider outsourcing their system logging and alerting, user awareness and training programs, and ongoing security assessments.
One of the biggest mistakes IT and security teams make is to attempt to do it all and be the expert in all things security. IT pros must know their limitations and use good tools and vendors. This will allow them to focus more on strategic IT and security initiatives rather than getting lost in the weeds doing something someone else could do.